Cyber Access Control | MFA Enterprise Password Management | Access Smart

Archive for Online Security

Are you an SEO Cyber Mule? I was.

An SEO Cyber Mule or SEO Hack is when unauthorized links are embedded into your website without your knowledge for the sole purpose of increasing Google rankings. To raise a site's ranking, Google looks at the number of one-way backlinks pointing to it. That’s why the hackers do it. In most cases these links are to pornographic movies, material and services that have nothing to do with your business. These links are positioned so they don’t actually appear on the webpage, but Google can still see them when it sends in the spiders. So why is this a problem?

Other than the obvious reason that someone has injected code into your site without your permission, the bigger issue is that if Google discovers these links and deems them inappropriate, your site will be blacklisted. Blacklisting is when Google and other search engines no longer index your site. When someone is searching using your keywords, your site will never come up. Google often never informs web owners that they have been blacklisted, and the effort to get off the list can be very time consuming.

Cyber Warfare Protection Starts With Cyber Authentication

Cyber Security begins with Network Access Authentication

My first Law of Computers took a step backwards on November 20, 2012 with the announcement of the Pentagon’s new Cyber Warfare Central proposed by DARPA, Code Name “Plan X”. The Pentagon is giving birth to a brand new, baby branch. Besides the Army, Navy, Air Force, Marines and Coast Guard we now have the Geeks. I wonder if their anthem will be the theme from Star Trek and the servicemen and women will use the famous “three finger salute” to honor each other.

The DARPA proposal states:

DARPA is soliciting innovative research proposals in the area of understanding, planning, and managing military cyber operations in real-time, large-scale, and dynamic network environments. Plan X will conduct novel research into the nature of cyber warfare and support development of fundamental strategies needed to dominate the cyber battlespace. Proposed research should investigate innovative approaches that enable revolutionary advances in science, devices, or systems. Specifically excluded is research that primarily results in evolutionary improvements to the existing state of practice.

Cyberspace is the new battlefield, as I blogged about earlier. Identity theft has migrated into cyber warfare. It’s no longer about governments attacking governments, armies against armies, or radicals against governments. Everyone and everything is a target: civilians, corporations and infrastructure are part of the cyber battlefield. The cyber warriors are found in their home basements, internet cafes, etc.

Network access has to begin before the firewall. Plan X only emphasizes the demand to implement my second Law of Computers – Law #2: Computers must first positively authenticate the user, determine that user’s rights and privileges, and leave an accountability record before executing its programs.

 

See the FoxNews article, “Inside ‘Plan X’: The Pentagon’s Plan for cyberweapon central”, for more cyber warfare information.

Dovell’s Three Laws of Computers

Network Access Authentication is essential to the Laws of Computers

Laws of Computers

The concept of mechanical devices that will do manual and menial labor can be traced back to Ancient Greece. Whether it’s an automaton by Hephaestus or Honda’s Asimo robot, they all have something in common: a human-written program that controls the machine’s behaviors and actions. In a 1942 short story “Runaround,” Isaac Asimov first introduced the “Three Laws of Robotics” that are accepted as gospel among roboticists. As recently as 2011, the Engineering and Physical Sciences Research Council (EPSRC) and the Arts and Humanities Research Council (AHRC) of Great Britain jointly published a set of five ethical “principles for designers, builders and users of robots” that built off of Asimov’s laws. But what is a robot?

Robots are basically computers with mechanical appendages that give them some form of mobility. There seems to be no consensus on which machines actually qualify as a robot, but many designs seem to mimic humans or animals. While Isaac thought it necessary to write laws for a fictitious device and the EPSRC published their five laws, the “brain” controlling robots is left to total anarchy: The Computer. There need to be Three Laws of Computers.

Computers, unlike robots, are all around us. They help in cooking our food, powering our homes, communicating around the world, and traveling to the far reaches of space. Young kids today are more adept with a mouse than a pencil. Computers are being used for good things like producing clean drinking water to terrible things like spinning uranium to create nuclear weapons. With all its uses, it seems odd that the founders of the computer age – Charles Babbage, Calvin Gotlieb, Michael Dell, Tom Watson, Steve Jobs, Bill Gates, Dr. Wang, Hewlett or Packard to name a few – never saw the need to write any Laws of Computers.

If robots are just mechanical extensions of computers, and a computer controls the robot’s actions, movements and tasks, then before one has laws on robotics shouldn’t there first be laws governing computers? Therefore, I have taken it upon myself to publish:

Dovell’s Three Laws of Computers.

 Law #1: Computers must not, or allow other computers to, harm humans or other sentient life forms as they complete their series of commands (program) given to it.

 Law #2: Computers must first positively authenticate the user, determine that user’s rights and privileges, and leave an accountability record before executing its programs.

 Law #3: Computers must automatically learn, configure and remember how each human wants it to behave and then instantly recall that configuration every time that human accesses it.

Chicken Little Warns About Network Access Authentication

Copyright: Walt Disney Productions

USB Smart Card Readers for Network Access Authentication are Still Safe.

A number of online computer news sites are abuzz about a security team’s prototype malware that hijacks USB smart card readers. It seems that a research team out of Luxembourg has issued a “Proof-of-Concept” malware attack that can take over your USB smart card reader. While any malware notice is important and needs to be monitored, businesses may be wondering about the severity of the attack and whether they need to rip out their smart card infrastructure because their network access authentication is in jeopardy.

Here are my thoughts:

  1. This is only a proof-of-concept and not a deployed attack.
  2. Every piece of computer hardware and software is susceptible to malware.
  3. Security relies on many barriers and layers. If you’re vulnerable to one attack you probably are vulnerable to many others.
  4. If the computer is vulnerable to malware, then other, more dangerous programs such as key loggers or the Zeus Trojan Horse are more likely to be installed. In that case there is probably no need to attack the smart card since these other programs are far more destructive.

Conclusion:

Companies don’t need to rip out all their smart card readers and replace them with the expensive keypad ones. Smart card reader companies will look into the potential malware vulnerability and make whatever driver modifications necessary. IT needs to keep an eye out for any driver updates and install them.

Finally, security has many levels and points of attack. If you are concerned about your company’s vulnerability then contact a consultant and ask for a security assessment. We list some leading companies on our site under the partners tab.

Exporting Power LogOn

Access Smart received their ECCN classification determination number today from the US Dept. of Commerce. We are classified as a 5D992b Information Security Software product, which allows Access Smart to ship our Power LogOn software and licenses internationally.

Under this classification, no additional export documentation is required. Purchases can be made and shipped through the internet.

“We are very pleased to receive this classification since it allows our international customers faster and simpler fulfilment,” said Dovell Bonnett, Founder and CEO of Access Smart.

Please contact Access Smart for a no obligation consultation on how best to implement Authentication, Authorization and Non-Repudiation into your business. Access Smart – The Alternative to PKI.

“The first line of defense is authenticating who’s knocking on your network’s ‘front door’. That’s why data security begins with network access authentication, and network access authentication begins with Power LogOn.” – Dovell Bonnett, Founder and CEO of Access Smart